GDPR & Data Protection

gowrite is committed to protecting your personal data and respecting your privacy rights. We comply with the UK General Data Protection Regulation (GDPR), the EU General Data Protection Regulation (EU 2016/679), the California Consumer Privacy Act (CCPA), and equivalent data protection laws in jurisdictions where we operate.

Data protection and privacy are fundamental to how we operate. We process your personal data lawfully, fairly, and transparently, with appropriate safeguards in place to protect your information.

gowrite Ltd is the data controller responsible for your personal data.

Registration: gowrite Ltd is registered in England and Wales.

Contact for data protection enquiries: contact us

We process the following categories of personal data:

• Account data: Your email address, name, account credentials, and profile preferences.
• Manuscript content: Text and creative works you upload or store on gowrite.
• Usage analytics: Information about how you use the Service, including pages visited, features accessed, and session duration (collected via analytics tools).
• Payment records: Billing information processed through our payment processor, Stripe. We do not store full credit card details.
• Communication data: Records of correspondence with our support team.

For a comprehensive explanation of our data collection and use practices, please consult our Privacy Notice.

We process your personal data on the following lawful bases under the GDPR:

• Contract: Processing your account data and manuscript content is necessary to perform our contract with you (providing the Service).
• Legitimate interests: We process usage analytics and other data to improve the Service, prevent fraud, maintain security, and understand user behaviour, where these interests outweigh your privacy rights.
• Consent: Where required by law, we rely on your consent to send marketing communications or to set optional analytics cookies. You may withdraw consent at any time.
• Legal obligation: We are required to process and retain certain data for tax, accounting, and regulatory compliance purposes.

If you are located in the European Union, the United Kingdom, or another jurisdiction with equivalent data protection law, you have the following rights:

• Right of access: You have the right to request a copy of the personal data we hold about you. We will provide this in a structured, commonly used, and machine-readable format.
• Right to rectification: You may request that we correct or update any inaccurate or incomplete personal data.
• Right to erasure (“right to be forgotten”): You may request that we delete your personal data, subject to certain exceptions (e.g., where we are required by law to retain it or where deletion is technically impractical).
• Right to restrict processing: You may ask us to limit how we use your personal data while we verify its accuracy or while you object to processing.
• Right to data portability: You may request that we provide your personal data in a portable format so you can transfer it to another service.
• Right to object: You may object to processing based on legitimate interests or for direct marketing purposes. We will cease processing for direct marketing upon request.
• Right to withdraw consent: Where we rely on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

These rights are not absolute and are subject to exceptions under applicable law. For example, we may be unable to comply with an erasure request if we are required to retain the data for legal or accounting purposes.

If you are a resident of California, you have the following rights under the California Consumer Privacy Act:

• Right to know: You have the right to request that we disclose what personal information we have collected, used, and shared about you.
• Right to delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to opt-out: You have the right to opt-out of the sale or sharing of your personal information for targeted advertising. gowrite does not sell your personal information.
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights. We will not deny you services, charge different prices, or provide different quality of service.

To exercise your CCPA rights, please contact us.

Your personal data may be processed in the United States, the European Union, or other jurisdictions where gowrite or our service providers operate.

Transfer mechanisms: Where data is transferred from the European Economic Area or the United Kingdom to countries without an adequacy decision, we rely on one or more of the following legal mechanisms:

• Standard Contractual Clauses: We have executed Standard Contractual Clauses (SCCs) with service providers to ensure your personal data receives appropriate protection.
• Adequacy decisions: We transfer data to jurisdictions with an adequacy decision (e.g., as currently exists between the UK and EEA).

Service providers: Your data may be processed by:

• Vercel (hosting): Your manuscript content and account data are hosted on Vercel's infrastructure, which is located in the United States.
• Anthropic (AI processing): Where you use AI-assisted writing features, your manuscript text is transmitted to Anthropic’s API solely to generate the result requested. Anthropic is located in the United States and processes data in accordance with its data processing terms.
• Stripe (payments): Payment information is processed by Stripe and is subject to Stripe’s privacy and security standards.

If you are located in the EEA or UK and would like more information about data transfer safeguards, please contact us.

For enquiries regarding our data protection practices, compliance with data protection law, or to discuss your rights, please contact:

Contact: Send us a message

We will respond to data protection enquiries promptly and in accordance with applicable law.

To exercise any of your privacy or data protection rights, please send a written request to:

Contact us →

Verification: We may ask you to provide information to verify your identity before we process your request. This helps us protect your personal data and prevent unauthorised access.

Timeline: We will endeavour to respond to your request within 30 days of receipt (or within the timeframe specified by applicable law). If we require additional time, we will inform you of the extension and the reasons for the delay.

No charge: We will not charge you a fee for processing reasonable requests to exercise your rights, except where permitted by applicable law.

If you believe we have breached your data protection rights or applicable data protection law, you have the right to lodge a complaint with the relevant supervisory authority:

• United Kingdom: Information Commissioner’s Office (ICO) at ico.org.uk
• European Union: Your local data protection supervisory authority (please visit edpb.ec.europa.eu to find your authority)
• California: You may contact the California Attorney General at oag.ca.gov or submit a complaint through the California Consumer Privacy Act process.

Lodging a complaint with a supervisory authority will not prejudice any other legal remedies you may have. We encourage you to contact us first so we can attempt to resolve your concerns.

We retain your personal data for as long as necessary to provide the Service and to comply with legal obligations. Generally:

• Account data: Retained while your account is active, plus a reasonable period thereafter to comply with tax and accounting obligations.
• Manuscript content: Retained while your account is active. You may delete your content at any time through your account settings. Upon account deletion, your content will be permanently deleted within a reasonable timeframe.
• Usage analytics: Retained for up to 12 months to improve the Service.
• Payment records: Retained for up to 7 years as required by tax and accounting law.

gowrite is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that a user is under 16, we will promptly close the account and delete associated data (except where we are required by law to retain it).

Users in the United States under 13 years of age are prohibited from using the Service in accordance with the Children’s Online Privacy Protection Act (COPPA).

We may update this Data Protection page from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or by a prominent notice within the Service at least 14 days before the change takes effect.